Explain Path Traversal

Path traversal is an attack that reads files a web application was never meant to expose. The sequence '../' (a dot-dot-slash sequence) is a cross-platform way to move up one directory level, and a path traversal attack uses it to steer the application's file handling. By supplying such sequences, the attacker can reveal the contents of files outside the root directory of the web server or application. It is usually done to gain access to secret passwords, tokens, and other sensitive information stored in files.

Path traversal is also called "directory traversal". It lets the attacker exploit weaknesses in how the targeted application handles user-supplied file paths.

Let's take a simple example. Suppose we have a "Show File" button that opens a URL carrying the name of the file to display.

For a classic directory traversal attack, the attacker may try to access the system file /etc/passwd (assuming a Unix/Linux system). If the application takes the value of the file parameter from the URL and passes it straight to a system call, it would traverse the relative path ../../etc/passwd starting from /var/www and ask the system to load the password file.
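The following is an added example, not code from the original article: it contrasts a naive file-path resolver that climbs out of /var/www exactly as described above with a hardened one that canonicalises the path and refuses anything outside the web root. The function names, the sample filenames and the use of posixpath (so the result is the same on any host) are assumptions of this example.

```python
import posixpath

# Web root from the article's example; constructed for this demonstration.
WEB_ROOT = "/var/www"


def naive_resolve(filename: str) -> str:
    """Vulnerable: joins the user-supplied value onto the web root and normalises it.
    '../' sequences are honoured, so the result can point anywhere on the filesystem."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, filename))


def safe_resolve(filename: str) -> str:
    """Hardened: resolve the candidate path, then verify it is still inside WEB_ROOT.
    Returns the canonical path or raises PermissionError."""
    root = posixpath.abspath(WEB_ROOT)
    # An absolute value would make join() discard the root entirely, so reject it.
    if posixpath.isabs(filename):
        raise PermissionError(f"absolute path rejected: {filename!r}")
    candidate = posixpath.abspath(posixpath.join(root, filename))
    # commonpath() is the containment check. A plain startswith(root) would wrongly
    # accept a sibling directory such as /var/www-old.
    if posixpath.commonpath([root, candidate]) != root:
        raise PermissionError(f"path escapes web root: {filename!r}")
    # In a real handler, also apply os.path.realpath() here so that symlinks inside
    # the web root cannot point back outside it.
    return candidate


def is_allowed(filename: str) -> bool:
    """Convenience wrapper: True if safe_resolve() accepts the request."""
    try:
        safe_resolve(filename)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed sample requests, as a "Show File" handler might receive them.
    for request in ["reports/q1.txt", "../../etc/passwd", "/etc/passwd", "../www-old/x"]:
        verdict = "allowed" if is_allowed(request) else "BLOCKED"
        print(f"{request:20} naive -> {naive_resolve(request):25} hardened -> {verdict}")
```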

This technique is also called a dot-dot-slash attack because it usually uses the special character sequence ../ (or ..\ on Windows) to climb to a higher-level directory.